Sync from SUSE:SLFO:Main bind revision 5611014a1cd1e4302729c582d8f43f18
parent 122899a65b
commit 80ae6a9e4b
BIN
bind-9.18.24.tar.xz
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
BIN
bind-9.20.0.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
bind-9.20.0.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
111
bind.changes
@ -1,3 +1,114 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 24 09:03:08 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||||
|
|
||||||
|
- Update to new major version 9.20.0
|
||||||
|
For a complete list of all changes see:
|
||||||
|
* https://bind9.readthedocs.io/en/v9.20.0/notes.html
|
||||||
|
* The CHANGES file in the source RPM
|
||||||
|
|
||||||
|
Some noteworthy changes:
|
||||||
|
* Added new BuildRequires liburcu for lock free data structures.
|
||||||
|
* A new DNSSEC tool dnssec-ksr has been added to create Key
|
||||||
|
Signing Request (KSR) and Signed Key Response (SKR) files.
|
||||||
|
* /etc/bind.keys and /var/lib/named/named.root.key have been
|
||||||
|
removed as the correct defaults are pre-compiled and there is
|
||||||
|
no need to configure bind.keys manually.
|
||||||
|
* The functions that were in the libbind9 shared library have
|
||||||
|
been moved to the libisc and libisccfg libraries. The now-empty
|
||||||
|
libbind9 has been removed and is no longer installed.
|
||||||
|
* The irs_resconf module has been moved to the libdns shared
|
||||||
|
library. The now-empty libirs library has been removed and is
|
||||||
|
no longer installed.
|
||||||
|
|
||||||
|
Security Fixes:
|
||||||
|
* A malicious DNS client that sent many queries over TCP but
|
||||||
|
never read the responses could cause a server to respond slowly
|
||||||
|
or not at all for other clients. This has been fixed.
|
||||||
|
(CVE-2024-0760)
|
||||||
|
[bsc#1228255]
|
||||||
|
* It is possible to craft excessively large resource records
|
||||||
|
sets, which have the effect of slowing down database
|
||||||
|
processing. This has been addressed by adding a configurable
|
||||||
|
limit to the number of records that can be stored per name and
|
||||||
|
type in a cache or zone database. The default is 100, which can
|
||||||
|
be tuned with the new max-records-per-type option.
|
||||||
|
* It is possible to craft excessively large numbers of resource
|
||||||
|
record types for a given owner name, which has the effect of
|
||||||
|
slowing down database processing. This has been addressed by
|
||||||
|
adding a configurable limit to the number of records that can
|
||||||
|
be stored per name and type in a cache or zone database. The
|
||||||
|
default is 100, which can be tuned with the new
|
||||||
|
max-types-per-name option. (CVE-2024-1737)
|
||||||
|
[bsc#1228256]
|
||||||
|
* Validating DNS messages signed using the SIG(0) protocol (RFC
|
||||||
|
2931) could cause excessive CPU load, leading to a
|
||||||
|
denial-of-service condition. Support for SIG(0) message
|
||||||
|
validation was removed from this version of named.
|
||||||
|
(CVE-2024-1975)
|
||||||
|
[bsc#1228257]
|
||||||
|
* Due to a logic error, lookups that triggered serving stale data
|
||||||
|
and required lookups in local authoritative zone data could
|
||||||
|
have resulted in an assertion failure. This has been fixed.
|
||||||
|
* Potential data races were found in our DoH implementation,
|
||||||
|
related to HTTP/2 session object management and endpoints set
|
||||||
|
object management after reconfiguration. These issues have been
|
||||||
|
fixed.
|
||||||
|
* When looking up the NS records of parent zones as part of
|
||||||
|
looking up DS records, it was possible for named to trigger an
|
||||||
|
assertion failure if serve-stale was enabled. This has been
|
||||||
|
fixed. (CVE-2024-4076)
|
||||||
|
[bsc#1228258]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 17 16:05:37 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||||
|
|
||||||
|
- Update to release 9.18.27
|
||||||
|
New Features:
|
||||||
|
* A new option signatures-jitter has been added to dnssec-policy
|
||||||
|
to allow signature expirations to be spread out over a period
|
||||||
|
of time.
|
||||||
|
|
||||||
|
Feature Changes:
|
||||||
|
* DNSSEC signatures that are not valid because the current time
|
||||||
|
falls outside the signature inception and expiration dates are
|
||||||
|
skipped instead of causing an immediate validation failure.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Apr 21 21:17:19 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||||
|
|
||||||
|
- Update to release 9.18.26
|
||||||
|
New Features:
|
||||||
|
* The statistics channel now includes counters that indicate the
|
||||||
|
number of currently connected TCP IPv4/IPv6 clients.
|
||||||
|
* Added RESOLVER.ARPA to the built in empty zones.
|
||||||
|
|
||||||
|
Bug Fixes:
|
||||||
|
* Changes to listen-on statements were ignored on reconfiguration
|
||||||
|
unless the port or interface address was changed, making it
|
||||||
|
impossible to change a related listener transport type. That
|
||||||
|
issue has been fixed.
|
||||||
|
* A bug in the keymgr code unintentionally slowed down some
|
||||||
|
DNSSEC key rollovers. This has been fixed.
|
||||||
|
* Some ISO 8601 durations were accepted erroneously, leading to
|
||||||
|
shorter durations than expected. This has been fixed.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Mar 20 13:39:16 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||||
|
|
||||||
|
- Update to release 9.18.25
|
||||||
|
Bug Fixes:
|
||||||
|
* A regression in cache-cleaning code enabled memory use to grow
|
||||||
|
significantly more quickly than before, until the configured
|
||||||
|
max-cache-size limit was reached. This has been fixed.
|
||||||
|
* Using rndc flush inadvertently caused cache cleaning to become
|
||||||
|
less effective. This could ultimately lead to the configured
|
||||||
|
max-cache-size limit being exceeded and has now been fixed.
|
||||||
|
* The logic for cleaning up expired cached DNS records was
|
||||||
|
tweaked to be more aggressive. This change helps with enforcing
|
||||||
|
max-cache-ttl and max-ncache-ttl in a timely manner. [GL #4591]
|
||||||
|
* It was possible to trigger a use-after-free assertion when the
|
||||||
|
overmem cache cleaning was initiated. This has been fixed.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 13 15:15:21 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
Tue Feb 13 15:15:21 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||||
|
|
||||||
|
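Review bot: In the 9.20.0 Security Fixes list, the third bullet (excessively large numbers of resource record types for a given owner name) describes its fix with the same sentence as the second bullet, "a configurable limit to the number of records that can be stored per name and type", while naming max-types-per-name. The wording should say the limit is on the number of types per owner name so the two options are not confused. The second bullet (max-records-per-type) also carries no CVE or bsc reference, unlike its neighbours, so state whether it is covered by CVE-2024-1737 [bsc#1228256] or is intentionally untracked. Since both limits default to 100 and SIG(0) message validation is removed, a short upgrade remark for zones or update workflows that depend on the old behaviour would help administrators reading this entry.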
13
bind.spec
@ -56,7 +56,7 @@
|
|||||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||||
%endif
|
%endif
|
||||||
Name: bind
|
Name: bind
|
||||||
Version: 9.18.24
|
Version: 9.20.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Domain Name System (DNS) Server (named)
|
Summary: Domain Name System (DNS) Server (named)
|
||||||
License: MPL-2.0
|
License: MPL-2.0
|
||||||
@ -92,6 +92,7 @@ BuildRequires: pkgconfig(krb5)
|
|||||||
BuildRequires: pkgconfig(libidn2)
|
BuildRequires: pkgconfig(libidn2)
|
||||||
BuildRequires: pkgconfig(libmaxminddb)
|
BuildRequires: pkgconfig(libmaxminddb)
|
||||||
BuildRequires: pkgconfig(libnghttp2)
|
BuildRequires: pkgconfig(libnghttp2)
|
||||||
|
BuildRequires: pkgconfig(liburcu)
|
||||||
BuildRequires: pkgconfig(libuv)
|
BuildRequires: pkgconfig(libuv)
|
||||||
BuildRequires: pkgconfig(libxml-2.0)
|
BuildRequires: pkgconfig(libxml-2.0)
|
||||||
Requires: %{name}-utils
|
Requires: %{name}-utils
|
||||||
@ -375,7 +376,6 @@ mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
|
|||||||
install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf
|
install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf
|
||||||
install -D -m 0644 %{_sourcedir}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint
|
install -D -m 0644 %{_sourcedir}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint
|
||||||
install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named
|
install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named
|
||||||
install -m 0644 bind.keys %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/named.root.key
|
|
||||||
install -d -m 0755 %{buildroot}/%{_unitdir}/named.service.d
|
install -d -m 0755 %{buildroot}/%{_unitdir}/named.service.d
|
||||||
%else
|
%else
|
||||||
for file in named; do
|
for file in named; do
|
||||||
@ -422,7 +422,6 @@ done
|
|||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
# remove useless Makefiles and Makefile skeletons
|
# remove useless Makefiles and Makefile skeletons
|
||||||
find %{buildroot}/%{_defaultdocdir}/bind \( -name Makefile -o -name Makefile.in \) -exec rm {} +
|
find %{buildroot}/%{_defaultdocdir}/bind \( -name Makefile -o -name Makefile.in \) -exec rm {} +
|
||||||
install -m 0644 bind.keys %{buildroot}%{_localstatedir}/lib/named/named.root.key
|
|
||||||
%if %{with_systemd}
|
%if %{with_systemd}
|
||||||
mkdir -p %{buildroot}%{_sysusersdir}
|
mkdir -p %{buildroot}%{_sysusersdir}
|
||||||
install -m 644 %{SOURCE72} %{buildroot}%{_sysusersdir}/
|
install -m 644 %{SOURCE72} %{buildroot}%{_sysusersdir}/
|
||||||
@ -532,7 +531,6 @@ fi
|
|||||||
%config %{_var}/lib/named/root.hint
|
%config %{_var}/lib/named/root.hint
|
||||||
%config %{_var}/lib/named/127.0.0.zone
|
%config %{_var}/lib/named/127.0.0.zone
|
||||||
%config %{_var}/lib/named/localhost.zone
|
%config %{_var}/lib/named/localhost.zone
|
||||||
%config %{_var}/lib/named/named.root.key
|
|
||||||
%dir %{_libexecdir}/bind
|
%dir %{_libexecdir}/bind
|
||||||
%{_libexecdir}/bind/named.prep
|
%{_libexecdir}/bind/named.prep
|
||||||
%dir %{_libdir}/bind-plugins
|
%dir %{_libdir}/bind-plugins
|
||||||
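Review bot: Dropping "%config %{_var}/lib/named/named.root.key" from the file list removes a path that existing named.conf files may still reference, and nothing in the visible spec changes handles that on upgrade. The changelog says the correct defaults are pre-compiled, so please confirm that the named.conf shipped in vendor-files.tar.bz2 (changed in this commit but not reviewable here) no longer includes this file, and consider a line in bind.changes telling administrators to remove their own references to it.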
@ -571,7 +569,6 @@ fi
|
|||||||
%files utils
|
%files utils
|
||||||
%dir %{_sysconfdir}/named.d
|
%dir %{_sysconfdir}/named.d
|
||||||
%config(noreplace) %{_sysconfdir}/named.d/rndc-access.conf
|
%config(noreplace) %{_sysconfdir}/named.d/rndc-access.conf
|
||||||
%config(noreplace) %{_sysconfdir}/bind.keys
|
|
||||||
%dir %{_sysconfdir}/openldap
|
%dir %{_sysconfdir}/openldap
|
||||||
%dir %{_sysconfdir}/openldap/schema
|
%dir %{_sysconfdir}/openldap/schema
|
||||||
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
|
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
|
||||||
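Review bot: "%config(noreplace) %{_sysconfdir}/bind.keys" is removed without any migration step, and noreplace implies administrators were expected to edit this file. A locally modified copy may hold custom trust anchors that are no longer tracked by the package after the update. The changelog entry should say where such anchors belong now, for example a trust-anchors statement in named.conf.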
@ -594,20 +591,17 @@ fi
|
|||||||
%{_bindir}/dnssec-verify
|
%{_bindir}/dnssec-verify
|
||||||
%{_bindir}/dnssec-cds
|
%{_bindir}/dnssec-cds
|
||||||
%{_bindir}/dnstap-read
|
%{_bindir}/dnstap-read
|
||||||
|
%{_bindir}/dnssec-ksr
|
||||||
%{_sbindir}/ddns-confgen
|
%{_sbindir}/ddns-confgen
|
||||||
%{_sbindir}/rndc
|
%{_sbindir}/rndc
|
||||||
%{_sbindir}/rndc-confgen
|
%{_sbindir}/rndc-confgen
|
||||||
%{_sbindir}/tsig-keygen
|
%{_sbindir}/tsig-keygen
|
||||||
%{_libdir}/libbind9-%{version}.so
|
|
||||||
%{_libdir}/libdns-%{version}.so
|
%{_libdir}/libdns-%{version}.so
|
||||||
%{_libdir}/libirs-%{version}.so
|
|
||||||
%{_libdir}/libisc-%{version}.so
|
%{_libdir}/libisc-%{version}.so
|
||||||
%{_libdir}/libisccc-%{version}.so
|
%{_libdir}/libisccc-%{version}.so
|
||||||
%{_libdir}/libisccfg-%{version}.so
|
%{_libdir}/libisccfg-%{version}.so
|
||||||
%{_libdir}/libns-%{version}.so
|
%{_libdir}/libns-%{version}.so
|
||||||
%{_libdir}/libbind9.so
|
|
||||||
%{_libdir}/libdns.so
|
%{_libdir}/libdns.so
|
||||||
%{_libdir}/libirs.so
|
|
||||||
%{_libdir}/libisc.so
|
%{_libdir}/libisc.so
|
||||||
%{_libdir}/libisccc.so
|
%{_libdir}/libisccc.so
|
||||||
%{_libdir}/libisccfg.so
|
%{_libdir}/libisccfg.so
|
||||||
@ -634,6 +628,7 @@ fi
|
|||||||
%{_mandir}/man1/named-journalprint.1%{ext_man}
|
%{_mandir}/man1/named-journalprint.1%{ext_man}
|
||||||
%{_mandir}/man1/nsec3hash.1%{ext_man}
|
%{_mandir}/man1/nsec3hash.1%{ext_man}
|
||||||
%{_mandir}/man1/dnstap-read.1%{ext_man}
|
%{_mandir}/man1/dnstap-read.1%{ext_man}
|
||||||
|
%{_mandir}/man1/dnssec-ksr.1.gz
|
||||||
%{_mandir}/man5/rndc.conf.5%{ext_man}
|
%{_mandir}/man5/rndc.conf.5%{ext_man}
|
||||||
%{_mandir}/man8/ddns-confgen.8%{ext_man}
|
%{_mandir}/man8/ddns-confgen.8%{ext_man}
|
||||||
%{_mandir}/man8/rndc.8%{ext_man}
|
%{_mandir}/man8/rndc.8%{ext_man}
|
||||||
|
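Review bot: The added line "%{_mandir}/man1/dnssec-ksr.1.gz" hard-codes the .gz suffix while every neighbouring man page entry in this hunk uses %{ext_man}. Use "%{_mandir}/man1/dnssec-ksr.1%{ext_man}" so the file list still matches if the man page compression changes.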
BIN
vendor-files.tar.bz2
(Stored with Git LFS)
Binary file not shown.